DOLPA

Creating Custom Docker Networks

Docker provides several networking options for containers, such as bridge, host, and none, which are suitable for many basic use cases. However, as your containerized applications grow in complexity, you may need more control over how containers communicate.

Creating Custom Docker Networks

Overview

By default, Docker provides several networking options for containers, such as bridge, host, and none, which are suitable for many basic use cases. However, as your containerized applications grow in complexity, you may need more control over how containers communicate. This is where custom Docker networks come into play.

Custom Docker networks allow you to define your own networking rules and configurations, enabling you to create more isolated, secure, and efficient container environments. In this post, we’ll dive into how to create and manage custom Docker networks, the different types of networks you can create, and some best practices for using them effectively in multi-container applications.

1. Why Use Custom Docker Networks?

Docker's default networking options work well for small projects, but there are many reasons why you might want to create a custom network, including:

  • Isolation: You may want to isolate containers in different networks so that they cannot communicate with each other unless explicitly allowed.
  • Security: Custom networks can help enhance security by limiting which containers have access to certain services or sensitive data.
  • Custom DNS: Docker's built-in DNS service resolves container names to their IP addresses. Custom networks allow you to organize container DNS resolution more effectively, which is useful when dealing with microservices architectures.
  • Advanced Networking Configurations: With custom networks, you can control networking parameters like subnets, gateways, and IP addresses, which is especially useful for complex applications with specific networking requirements.

Custom Docker networks offer greater control over how containers communicate, both with each other and the outside world.

2. Types of Docker Networks

Before creating a custom network, it’s important to understand the types of Docker networks that are available:

  1. Bridge: The most common network type. Bridge networks allow containers on the same host to communicate with each other while remaining isolated from external networks. This is Docker’s default network type.
  2. Overlay: Used in multi-host environments, such as in Docker Swarm or Kubernetes. Overlay networks enable communication between containers running on different Docker hosts.
  3. Macvlan: This network mode allows containers to have their own unique MAC address on the physical network, making them appear as individual devices on the local network.
  4. Host: Not custom, but relevant to certain use cases. In host mode, the container shares the host’s network stack, bypassing any virtual networks.
  5. None: Completely disables networking for a container. This can be used when you need a highly isolated container.

In this post, we’ll focus on bridge and overlay networks, as they are the most commonly used types when creating custom Docker networks.

3. Creating a Custom Bridge Network

The default bridge network automatically assigns IP addresses and allows communication between containers running on the same network. However, you can create your own custom bridge network with specific settings like a custom subnet or IP address range.

Steps to Create a Custom Bridge Network:

  1. Create the Network: Use the docker network create command to create a custom bridge network.
docker network create \
  --driver bridge \
  --subnet 192.168.100.0/24 \
  my_custom_bridge

In this command:

  • --driver bridge specifies that you are creating a bridge network.
  • --subnet 192.168.100.0/24 specifies a custom subnet range for the network.
  • my_custom_bridge is the name of the network.

Docker will automatically assign IP addresses to containers within the range of the provided subnet.

Benefits of Using a Custom Bridge Network:

  • IP Management: You have control over the IP range used by containers.
  • Container Communication: Containers on the same network can easily communicate with each other using container names as DNS names.
  • Service Isolation: Containers connected to a custom bridge network are isolated from those on other networks unless you explicitly connect them to multiple networks.

4. Connecting Containers to a Custom Network

Once you have created a custom network, you can connect containers to it using the --network flag when running a container.

Example:

docker run -d --name webserver --network my_custom_bridge nginx
docker run -d --name appserver --network my_custom_bridge my_app_image

In this example:

  • The nginx container and the my_app_image container are connected to the same my_custom_bridge network.
  • They can communicate with each other using their container names (e.g., webserver, appserver) as DNS names.

5. Isolating Containers with Custom Networks

A major advantage of custom networks is the ability to isolate containers that do not need to communicate with each other. This isolation is important for security and for ensuring that services only talk to the components they need to.

Example:

Let’s say you have a web server and a database running in different containers. You want them to communicate, but you also have a monitoring container that shouldn’t be accessible by the web server or the database.

You can create two separate custom networks for isolation:

docker network create --driver bridge web_network
docker network create --driver bridge monitoring_network

Then, connect the containers to their respective networks:

docker run -d --name webserver --network web_network nginx
docker run -d --name database --network web_network postgres
docker run -d --name monitoring --network monitoring_network prometheus

In this setup:

  • The web server and the database can communicate because they are on the same web_network.
  • The monitoring container is isolated from the web server and database since it’s on a different monitoring_network.

6. Creating an Overlay Network

Overlay networks are used to enable communication between containers across multiple Docker hosts, making them useful in Docker Swarm or Kubernetes environments. To create an overlay network, you must be running Docker in Swarm mode.

Steps to Create an Overlay Network:

  1. Initialize Docker Swarm:
docker swarm init
  1. Create the Overlay Network:
docker network create \
  --driver overlay \
  my_overlay_network

In this example:

  • --driver overlay specifies that you are creating an overlay network.
  • my_overlay_network is the name of the overlay network.

Now, containers running on different Docker hosts that are part of the same Swarm cluster can communicate through this network.

7. Inspecting and Managing Docker Networks

Docker provides several commands to manage and inspect networks. You can view all networks on your Docker host using the docker network ls command:

docker network ls

To inspect a specific network and view details such as its driver, subnet, and connected containers, use the docker network inspect command:

docker network inspect my_custom_bridge

To remove a network, use the docker network rm command:

docker network rm my_custom_bridge

Be aware that you cannot remove a network if containers are still connected to it. First, stop or disconnect the containers, and then remove the network.

8. Best Practices for Using Custom Docker Networks

  1. Use Custom Networks for Multi-Container Applications: When running multi-container applications, always use custom networks to group related containers together.
  2. Isolate Sensitive Services: For security reasons, it’s a good practice to isolate containers that handle sensitive data (e.g., databases) on their own network.
  3. Use DNS for Communication: Instead of hard-coding IP addresses, use container names as DNS names for communication between containers. This improves flexibility and reduces the chances of misconfiguration.
  4. Monitor Network Traffic: For large-scale deployments, monitor and analyze network traffic between containers to ensure there are no bottlenecks or security risks.
  5. Use Overlay Networks for Multi-Host Deployments: If you're running Docker in a Swarm or Kubernetes environment, use overlay networks to allow containers across different hosts to communicate securely.

Conclusion

Custom Docker networks offer a flexible and powerful way to manage container communication, security, and isolation. Whether you’re working with a simple single-host application or a distributed multi-host system, creating custom networks allows you to tailor container communication to your specific needs.

By leveraging bridge networks for local communication, overlay networks for distributed environments, and isolating containers where necessary, you can ensure that your Dockerized applications are both secure and efficient.

Now that you have a deeper understanding of how to create and use custom Docker networks, you can start optimizing your containerized applications for better performance and security!

Now that we are familiar with Docker custom networks, I’d like to point you to another one of my posts about VMware Workstation network configuration. I think it’s a great follow-up read to deepen your understanding of network setups across different platforms. You can find it here."

Share Share Share Share Share Email

Read next

Minimizing the Number of Layers in a Dockerfile

One key consideration is the number of layers created during the build process. Each instruction in a Dockerfile adds a new layer to the image. While layers can provide benefits in terms of caching and reusability, having too many layers can lead to larger image sizes and longer build times.

Understanding Docker’s Default Networking Modes

Docker offers a powerful and flexible networking model that enables containers to communicate with each other, the host, and the outside world. Networking is a crucial part of containerized applications, as it allows multiple services, often running in separate containers, to collaborate.

Managing Persistent Data with Docker Compose

Docker Compose is one of the essential tools in the Docker ecosystem that allows you to define and manage multi-container applications with ease. However, managing persistent data within a multi-container setup can be challenging